EP0848872B1 - Method and device for the sealing of computer data - Google Patents

Publication number
EP0848872B1
EP0848872B1 EP96931023A EP96931023A EP0848872B1 EP 0848872 B1 EP0848872 B1 EP 0848872B1 EP 96931023 A EP96931023 A EP 96931023A EP 96931023 A EP96931023 A EP 96931023A EP 0848872 B1 EP0848872 B1 EP 0848872B1
Authority
EP
European Patent Office
Prior art keywords
time
signal
dcf
internal
external
Legal status
Expired - Lifetime
Application number
EP96931023A
Other languages
German (de)
French (fr)
Other versions
EP0848872A1 (en)
Inventor
Klaus Nissl
Matthias Meinhold
Hartmut Günther
Current Assignee
TimeSafe TrustCenter GmbH
Original Assignee
TimeSafe TrustCenter GmbH

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: as H04L9/00, including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297: as H04L9/32, involving time stamps, e.g. generation of time stamps
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60: Digital content management, e.g. content distribution
    • H04L2209/601: Broadcast encryption
    • H04L2209/80: Wireless

Definitions

  • the receiver modules for radio clock signals have a high technical level (as explained in more detail in Design & Elektronik 10, May 16, 1995, code 242 "Industrial clocks in the atomic age") and deliver the complete date / time information every minute, hereinafter referred to as standard time.
  • time signals abroad such as MSF (England) and WWVR (USA)
  • the time signal is also contained in GPS (global positioning system, see below).
  • a second embodiment differs from the first in that, instead of the institution, a network or "world" of authors is used who give each other, at random, the time stamp and signature on the documents sent.
  • the institution TSA or the world of authors uses as its time the "computer clock time", i.e. the manipulable internal clock of the computer performing the time stamping.
  • the invention is therefore based on the object of providing a method and a device for creating a time stamp or for sealing digital data, in which the time required for the time stamping offers little opportunity for manipulation.
  • the method and the device for sealing computer data by means of a combination of standard time integration, authentication and encryption protect the data sealed in this way from unauthorized access or manipulation, both in the stationary IT area (exemplary embodiment: PC plug-in card) and in remote data transmission (exemplary embodiment: additional board). See Fig. 2: Device for data sealing.
  • a plug-in card is favored for retrofitting, and an additional board for the EDI devices.
  • the PC i.e. computer in general
  • any interface serial, parallel, PCMCIA adapter
  • the transmitter provides the date and time information.
  • other signal carriers such as satellite, TV cable, telephone, TV transmitter, etc. come into question.
  • So-called providers e.g. Weg
  • providers can also be granted the option of signal assignment or integration.
  • the nature of the receiver depends on that of the transmitter. In principle, radio and cable signals can be received. Corresponding logic evaluates the received signals.
  • for the radio clock signal, for lack of specific additional signals, authenticity is checked via the upward counting of the time pulse, i.e. in the event of manipulation, entries with a date older than the last queried, unadulterated date-time signal are recognized as manipulation.
  • the received signal is compared with an internal clock (RTC, Real Time Clock), with time differences outside a control range indicating manipulation.
  • Authentication takes place via a device and / or a method that unequivocally determines the identity of the sender or the recipient of a message.
  • the electronic signature is currently the subject of research (see in Design & Electronics 14/15, 07/18/95, reference number 212 "single-chip controller for crypto cards”).
  • Other devices and methods (card readers, fingerprint readers, and transponder systems as described in Design & Electronics, reference number 283 "Non-contact identification", etc.) are also suitable for proving authentication.
  • the time signal is modified using hardware (GAL, PAL and / or other hardware encryption methods such as the Clipper chip, which is explained in c't Magazine 1994, Issue 8, p. 24 "The NSA and the Clipper Chip") and / or using software (encryption algorithm, e.g. according to the RSA procedure; more details in c't magazine 1994, Issue 8, pp. 230 ff: "Data Locks, Fundamentals of Cryptology"). Decryption can only be done by whoever holds the key to the modification logic.
  • the chip or the corresponding components of the plug-in card are cast in and provided with an electromechanical coupling technology, so that subsequent reading of microprocessor elements is made difficult. According to Fig. 5, contact between shields 1 and 2 results in the deletion of the programmed components, the so-called black box solution.
  • a document contains the date and, if applicable, the time of the creation of the document. Via satellite positioning (GPS, global positioning system), this location can be sufficiently identified and included in the document in the same way as, e.g., the standard time.
  • GPS global Positioning system
  • the radio clock signal DCF 77 of the Physikalisch Technische Bundesanstalt in Braunschweig takes over the role of the transmitter
  • the received signal is demodulated and amplified, and passed on as a 100 ms or a 200 ms pulse per second to the PC plug-in card for evaluation
  • a microcontroller on the plug-in card converts the received signal pulses into time information and, using special logic that is individually tailored to each plug-in card, saves the last time received.
  • the validation of the DCF-77 signal is shown in FIG. 7.
  • Each plug-in card is provided with an individual identification number. Hardware and software use this number for machine identification.
  • The signal generated from the original file using a signature process (e.g. MD5, Message Digest 5 by Ron Rivest, or similar) is provided with a header (information about the quantities involved, such as operating system version, file size, etc.) and combined with a defined part of the original file itself into a block, which in the present case has a size of 4 kByte (so-called 4kBlock).
  • a signature process e.g. MD5, Message Digest 5 by Ron Rivest, or similar
  • a header information about the quantities involved, such as operating system version, file size, etc.
  • 4kBlock 4kByte
  • the microcontroller software accesses the time signal, builds it into the 4k block, encrypts the block in the black box and attaches the time-stamped digital signature to the original file. Optionally, this can also be saved separately or encrypted again together with the original file (see Fig. 8).
  • Decryption can only be done by the key holder. In doing so, a check for subsequent manipulation is carried out by the signature verification.
  • if the device according to the invention is designed as an additional card, then the requirements for the transmitter and receiver correspond to those for the implementation of the device as a PC plug-in card (see above).
  • FIG. 1 shows the data flow diagram of a file which is encrypted on the transmitter side and decrypted on the receiver side, whereby a signal containing the standard time of an external source and an authentication code is integrated when encrypting the data.
  • a file with the content abc on the transmitter side in a PC, fax, telex, cell phone or the like can be transmitted to the recipient side over a transport level, for example remote data transmission (DFÜ).
  • DFÜ remote data transmission
  • the receiving side includes the same components as the transmitter side, namely PC, fax, telex, cell phone, or the like.
  • the sender file with the content abc undergoes encryption, with a validated standard time (external) and an identification being integrated into the encryption.
  • the file encrypted in this way, with illegible content, is transferred via the transport level to the recipient.
  • the transmitted, encrypted file is decrypted at the recipient by a key owner, with a manipulation check and an authentication check taking place. The file is then available again in readable form with the content abc.
  • the device according to the invention for sealing computer data.
  • the device, for example in a PC, a notebook or the like, can be implemented in the form of a plug-in card if the stationary device is retrofitted
  • the device according to the invention by an integrated circuit, for example by an ASIC. If the device according to the invention is used in a non-stationary setting, i.e. in remote data transmission, for example in a fax, modem or the like, retrofitting can be done, for example, with an additional board.
  • With a new device, the device is realized, as in the stationary case, by an integrated circuit, for example an ASIC.
  • FIG. 3 shows a schematic structural diagram of the device according to the invention, consisting of the higher-level components receiver, authentication and encoder.
  • the receiver receives date and time information. It is also possible to use location information, which can come from a GPS signal, for example. This information is decoded; in the present embodiment a time signal decoder is given as an example for clarification. As transmitters of the date, time and / or location information, the sources already listed above, including a transmitter specially designed for this purpose, come into consideration.
  • the authentication establishes the identity of the sender or recipient of the message / file. This can be done using a card reader, for example. Authentication can also take place by means of an identity process, such as an electronic signature.
  • encryption in the device can be carried out using appropriate hardware, for example a Clipper chip, or suitable software, i.e. a corresponding encryption algorithm.
  • Fig. 4 shows a non-exhaustive overview of possible transmitters of a suitable time signal.
  • the necessary time signal can be transmitted by radio, for example as a DCF77 signal of the Physikalisch Technische Bundesanstalt Braunschweig, or via satellite. Transmission of the time signal via cable within a TV signal or telephone signal is also possible.
  • Fig. 5 shows a protective device against unauthorized reading or manipulation of programmed components of a device according to the invention.
  • the so-called black box solution comprises two protective grids designed as first and second shields, which surround the device according to the invention; the electronic components arranged on a circuit board and the shields are cast in a potting compound. Furthermore, an accumulator is arranged in the device, to whose potential the shields and the programmed components are connected, so that a contact (short circuit) of the two shields with one another would result, for example, in deletion or destruction of the connected components.
  • FIG. 6 shows an embodiment of the method or device according to the invention as a plug-in card in a PC and the necessary functional parts.
  • a radio clock transmitter (for example in the Federal Republic of Germany) sends standard time as a DCF77 signal.
  • a suitable radio clock receiver converts these signals into a serial clock signal, which is fed into the device according to the invention realized as a PC card.
  • the PC plug-in card includes a microcontroller, an EPROM, an EEPROM, logic circuits, for example GALs, PALs, ASICs or the like, an encoder and a bus driver. Furthermore, an appropriate signature is entered via a card reader.
  • the file with the content "abc" is encrypted in the PC, time stamped and signed, so that the file to be transferred, with the encrypted content, results.
  • FIG. 7 shows the validation of the received time signal in the microcontroller of FIG. 6.
  • the receiver component supplies a DCF77 signal t_DCF to the microcontroller.
  • the EEPROM of the device contains the last valid time signal t_E, whereby the condition t_DCF > t_E must be fulfilled.
  • a real-time clock arranged in the device according to the invention, which can be implemented as an independent component or by means of the microcontroller, contains the current time t_A with a tolerance T, which can be, for example, 1 sec / month.
  • Fig. 8 shows schematically the inclusion of the standard time when encrypting. From an original file "demo.txt", a signature is created using a signature process and provided with a header. Together with a defined part of the original file, this becomes a so-called 4kByte block "4kblock.sta".
  • the microcontroller in the black box picks up the time signal DCF77 (or GPS) and performs the validation of the DCF77 signal described in FIG. 7. The process is limited to n attempts.
  • the validated time signal is built into the 4kByte block and encrypted in the black box.
  • the encrypted 4kByte block "4kblock.tst", i.e.
  • the so-called time-stamped digital signature is attached to the original file "demo.txt" by means of software and the PC bus.
  • the combination of the original file "demo.txt" and the signature "4kblock.tst" can be saved separately or encrypted together again into a file "demo.tsc".
  • Other inputs / outputs of the black box are motherboard activation, chip card readers / writers and transponders.
  • the standard time (and possibly further information) is fed from a time transmitter or by cable to a sending PC or sending EDI device, e.g. a fax machine, which perform the coding / decoding of the corresponding information (file).
  • the encrypted file is transmitted by means of remote data transmission (dashed lines denote a coded dial-up signal).
  • the respective sending PC or sending fax is connected to a corresponding receiving PC or receiving fax via a corresponding EDI path.
  • the send / receive function can also be reversed. Decoding, both on the transmitting and receiving side, archiving or printing out if authorization is available.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Diaphragms For Electromechanical Transducers (AREA)

Abstract

Digital data is provided with a time stamp of an internal time signal of an internal clock. The internal time signal is validated by receiving and evaluating an internal broadcast or a cable signal of an external time source, from which a standard time can be derived, comparing the standard time with the internal time signal of the internal clock, and time stamping the digital data. The digital data is time stamped only if a time difference between the internal and external time signals lies within a given tolerance range. Finally, the time-stamped digital data is encrypted.
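
The gating logic from the abstract, combined with the FIG. 7 conditions listed under Definitions (t_DCF > t_E, comparison with the RTC time t_A, a limit of n attempts), as an added Python example that is not code from the patent. The tolerance value, n = 3, the record layout, the card id, SHA-256 in place of the MD5 the page names, and an HMAC tag standing in for the black-box encryption are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, List, Optional


class TimeValidationError(Exception):
    """No external reading passed validation within the allowed attempts."""


@dataclass
class TimeValidator:
    last_valid: datetime      # t_E: last accepted external time (EEPROM on the card)
    tolerance: timedelta      # accepted |t_DCF - t_A|; the value used is an assumption
    max_attempts: int = 3     # "n attempts" on the page; n = 3 is an assumption

    def check(self, t_dcf: datetime, t_a: datetime) -> Optional[str]:
        """Return None if the reading is accepted, else the rejection reason."""
        if t_dcf <= self.last_valid:
            # A replayed or backdated signal is never newer than t_E.
            return "not-newer-than-last-valid"
        if abs(t_dcf - t_a) > self.tolerance:
            # External time disagrees with the internal clock beyond tolerance.
            return "outside-rtc-tolerance"
        return None

    def acquire(self, read_external: Callable[[], datetime],
                read_rtc: Callable[[], datetime]) -> datetime:
        """Try up to max_attempts readings; persist and return the first valid one."""
        reasons: List[str] = []
        for _ in range(self.max_attempts):
            t_dcf, t_a = read_external(), read_rtc()
            reason = self.check(t_dcf, t_a)
            if reason is None:
                self.last_valid = t_dcf   # becomes the new t_E
                return t_dcf
            reasons.append(reason)
        raise TimeValidationError(", ".join(reasons))


def seal(data: bytes, t_valid: datetime, card_id: str, key: bytes) -> dict:
    """Bind card id, file size, digest and validated time into one keyed record."""
    digest = hashlib.sha256(data).hexdigest()
    record = "|".join([card_id, str(len(data)), digest, t_valid.isoformat()])
    tag = hmac.new(key, record.encode(), hashlib.sha256).hexdigest()
    return {"record": record, "tag": tag}


def verify(data: bytes, sealed: dict, key: bytes) -> bool:
    """Key holder's check: record untouched and digest still matches the data."""
    expected = hmac.new(key, sealed["record"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed["tag"]):
        return False
    digest_field = sealed["record"].split("|")[2]
    return hmac.compare_digest(digest_field, hashlib.sha256(data).hexdigest())


def demo():
    """Constructed readings: one stale, one far from the RTC, one plausible."""
    utc = timezone.utc
    rtc_now = datetime(1995, 9, 4, 12, 5, 0, tzinfo=utc)
    validator = TimeValidator(
        last_valid=datetime(1995, 9, 4, 12, 0, 0, tzinfo=utc),
        tolerance=timedelta(seconds=2),
    )
    readings = iter([
        datetime(1995, 9, 4, 11, 59, 0, tzinfo=utc),  # older than t_E
        datetime(1995, 9, 4, 12, 30, 0, tzinfo=utc),  # 25 min off the RTC
        datetime(1995, 9, 4, 12, 5, 1, tzinfo=utc),   # accepted
    ])
    t_valid = validator.acquire(lambda: next(readings), lambda: rtc_now)
    key = b"constructed-demo-key"
    sealed = seal(b"abc", t_valid, "CARD-0001", key)
    return t_valid, sealed, verify(b"abc", sealed, key), verify(b"abd", sealed, key)


if __name__ == "__main__":
    print(demo())
```
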

Description

Electronic exchange of data and information by computer, fax, telex and other such media has grown enormously in recent years. Given the quality and quantity of the data processed, the growing use of electronic data processing (EDP) in all fields faces an entirely new dimension of required data security. This applies in particular to remote data transmission (DFÜ), as daily press reports show. Examples can be found in Ärzte-Zeitung 14, No. 86, 11 May 1995, "Internet ist für sensible Daten nicht geeignet" ("Internet is not suitable for sensitive data") and PraxisComputer No. 1, 10 February 1995, p. 15, "Trau' keinem über Fax ..." ("Don't trust anyone via fax ...").

Calls for data sealing, document authenticity and legally binding communication are growing louder. It is only a matter of time before the legislature issues corresponding guidelines. The text of a relevant interview is printed in PraxisComputer No. 5, 10 August 1995, p. 36, "Knappe Ressourcen besser nutzen" ("Making better use of scarce resources"), an interview with Dr. Winfried Schorre and Horst Seehofer.

Some of the conceivable possibilities for manipulation are briefly listed below to illustrate the situation.

Example: medicine

After an operation, the surgeon dictates the operation report, which a typist then enters into the computer. It later turns out that the surgeon made an error, e.g. removing the lens of the eye because of a previously diagnosed lens opacity, but on the wrong side. The surgeon subsequently tries to manipulate the preoperative finding (lens opacity left) to read (lens opacity right) in order to exonerate himself.

Example: finance

Transactions with an exchange rate at time t1. At time t2 the rate has fallen; subsequent manipulation is intended to fraudulently avoid the loss.

Example: research

Who documented an invention first?

Example: legal system

Recording of minutes when taking evidence, where document authenticity is required for their use in court.

Example: data exchange

The discharge letter of a psychiatric patient is to be sent to the family doctor by modem. The authenticity of the recipient must be ensured and unauthorized inspection of the confidential documents prevented. See also PraxisComputer No. 6, 15 October 1994, p. 5: "Schweigepflicht und Datennetze" ("Confidentiality and data networks").

The Physikalisch Technische Bundesanstalt in Braunschweig broadcasts the time determined by a cesium clock by radio from Mainflingen. The signal can be received within a radius of 1500 - 2000 km. Further details in ELV-Journal 6/94, p. 27 ff., "DCF Empfangstechnik" ("DCF reception technology").

The receiver modules for radio clock signals are of a high technical standard (as explained in more detail in Design&Elektronik 10, 16 May 1995, reference number 242, "Industrie-Uhren im Atomzeitalter" ("Industrial clocks in the atomic age")) and deliver the complete date / time information every minute, referred to below as standard time.

Time signals also exist abroad, for example MSF (England) and WWVR (USA); the time signal is also contained in GPS (global positioning system, see below).

For as long as information has existed, there has been a wish to protect it from general access by encryption. The security of the key used correlates with the quality of the key algorithm.

Various encryption methods are available for keeping confidential data secret; depending on the effort involved, they offer greater or lesser data security. In principle a distinction is made between symmetric methods (cryptosystems such as Feal, DES and others) and asymmetric methods (RSA, PGP and others).

Various efforts toward document authenticity and legally binding communication have so far produced no satisfactory solution. Placing the digital signature on an equal footing with the handwritten signature is the subject of intensive research, as set out in c't Magazin 1995, issue 6, p. 46, "Krypto-Neid" and in Design&Elektronik 14/15, 18 July 1995, reference number 212, "Single-Chip-Controller für Kryptokarten" ("Single-chip controller for crypto cards"). Compared with encryption alone, the digital signature offers many advantages (Glade, A., Reimer, H., Struif, B.: Digitale Signatur und sicherheitssensitive Anwendungen, Wiesbaden 1995).

The ability to manipulate EDP data after the fact is an as yet unsolved problem. A file becomes a document in the legal sense only once it is printed out, and the printout must bear a date and signature. Given the volume of data and the speed at which it is created and destroyed (data turnover), this procedure reaches the limits of what is feasible.

The growing exchange of data by computer, fax and other media, and the constantly rising number of networks at national and international level (Internet and others, see also Ärzte-Zeitung 14, No. 86, 11 May 1995, "Internet ist für sensible Daten nicht geeignet"), require adequate data security measures. Further details in PraxisComputer No. 1, 10 February 1995, p. 15, "Trau' keinem über Fax ..." and c't Magazin 1994, issue 8, p. 230 ff.: "Datenschlösser, Grundlagen der Kryptologie" ("Data locks, fundamentals of cryptology").

WO-A-92/03 000 discloses a system for time stamping a digital document. An author prepares a digital document and, in a first embodiment, sends it to a time-stamping institution (authority, TSA). There the document is time stamped, i.e. digital data representing the time is added to the document, and the institution also adds its signature, for example to document the correctness or authenticity of the time stamp. The document bearing the time stamp and the signature is then sent back to the author, who can later use it to prove the existence of the original document. To prevent later manipulation of the document, the document can be compressed before it is sent to the TSA, for example by means of a hash function, in which case the hash compression is time stamped and signed at the institution instead of the document. A second embodiment differs from the first in that, instead of the institution, a network or "world" of authors is used who give each other, at random, the time stamp and signature on the documents sent. The institution TSA or the world of authors uses as its time the "computer clock time", i.e. the manipulable internal clock of the computer performing the time stamping.

The article by Davida et al., "Arbitration in Tamper Proof Systems", Advances in Cryptology - Crypto 87 Proceedings, Santa Barbara, CA, USA, 16-20 Aug. 1987, ISBN 3-540-18796-0, 1988, Berlin, West Germany, Springer Verlag, pages 216-222, describes various methods for producing tamper-proof systems, including digital signature systems, public-key systems and notary systems that include time stamping. A message is encrypted using a device. In the device, a message number mc and a time stamp ts are appended to the message and encrypted. From the result, i.e. the message plus the number mc plus the time stamp ts, an encrypted hash function ha is generated. However, nothing is said about the time used.

A disadvantage of the above known methods and systems is that none of them can guarantee a secure time, so that the time used cannot be assured to be free of manipulation.

The invention is therefore based on the object of providing a method and a device for creating a time stamp, or for sealing digital data, in which the time needed for the time stamping offers little opportunity for manipulation.

The object is achieved by the features of method claims 1 and 2 and of device claims 11 and 12. Preferred embodiments of the invention are the subject of the subclaims.

The method and the device described here have the effect that access to data sealed in this way is generally denied, and they thus represent an essential step towards document authenticity and legally binding communication (see Fig. 1, data flow diagram).

For data transport this means that the authenticity of sender and receiver is guaranteed and that unauthorized inspection of the transmitted data is prevented by the simultaneous encryption.

The method and the device for sealing computer data by a combination of standard-time integration, authentication and encryption protect the data sealed in this way against unauthorized access or manipulation, both in stationary data processing (embodiment: PC plug-in card) and in remote data transmission (embodiment: add-on board). See Fig. 2: device for data sealing.

At the PC level a plug-in card is favoured for retrofitting, and for remote data transmission (DFÜ) devices an add-on board. It is of course an aim of the technology to miniaturize such circuits and to combine them in the smallest possible space. Particularly for new devices, a user-specific IC (ASIC) solution can also be realized, depending on quantity. The device according to the invention can also be coupled to the PC (i.e. computers in general) via any interface (serial, parallel, PCMCIA adapter).

Fig. 3 shows the components of the device and the method.

The device consists of electronic components that have to fulfil the following tasks:

  • Signal evaluation
  • Signal verification
  • Provision of the device's identification number
  • Encryption of the received signal
  • Tamper control

Existing transmitters:

The transmitter provides the date and time information. Besides the time signal transmitters, other signal carriers such as satellite, TV cable, telephone, TV transmitters and others are possible. In addition, so-called providers (e.g. Telekom) can be given the option of issuing or integrating signals.

Specially designed transmitters

A specially designed transmitter increases data security through the following factors:

  • 1. Provision of the standard time in encrypted form.
  • 2. Variability of the time of transmission.
  • 3. Mixing of genuine and false information.
  • 4. Transmitter-receiver synchronization with a limited period of validity.
  • 5. A mixture of the information from 1 - 4.
  • 6. Bidirectional signal for signal transmission.

    The nature of the receiver depends on that of the transmitter. In principle, radio and cable signals can be received. Appropriate logic evaluates the received signals.

    For lack of specific additional signals, the authenticity of the radio clock signal is checked by the upward counting of the time pulse: in the event of manipulation, inputs with a date older than the last retrieved unfalsified date-time signal are recognized as manipulation. In addition, the received signal is compared with an internal clock (RTC, real-time clock), with time differences outside a control range indicating manipulation.

    Authentication takes place via a device and/or a method that establishes the identity of the sender or the recipient of a message beyond doubt.
    The electronic signature is currently the subject of research (see Design&Elektronik 14/15, 18.07.95, reference number 212, "Single-Chip-Controller für Kryptokarten"). Other devices and methods (card readers, fingerprint readers and transponder systems as described in Design&Elektronik, reference number 283, "Berührungslose Identifikation", among others) are also suitable for proving authentication.

    The time signal is modified by hardware (GAL, PAL and/or other hardware encryption methods such as the Clipper chip, which is explained in c't Magazin 1994, issue 8, p. 24, "Die NSA und der Clipper-Chip") and/or by software (an encryption algorithm, e.g. according to the RSA method; for details see c't Magazin 1994, issue 8, p. 230 ff., "Datenschlösser, Grundlagen der Kryptologie"). Decryption can be performed only by the person who holds the key to the modification logic.

    To prevent mechanical manipulation, the chip or the corresponding components of the plug-in card are encapsulated and provided with an electromechanical coupling technique, so that subsequent read-out of microprocessor elements is made more difficult. As can be seen from Fig. 5, contact between shields 1 and 2 results in the erasure of the programmed components, the so-called black box solution.

    Data manipulation is detected by parity checking and other mathematical and/or hardware checking methods. Security increases with the complexity of the checking methods.

    In America, independent data protection institutions have set up so-called "trust centers" in order to take on, as an outside third party, a position of trust in data protection. This concerns encryption and decryption, the issuing and safekeeping of keys, and cooperation with providers and corresponding notaries' offices for the neutral certification of communication keys, among other things. Further details can be found in Praxis Computer No. 2, 10 March 95, pp. 16/17, "Mit Chipkarten ist vieles möglich".

    In addition to the identification (e.g. signature), the date and, where applicable, the time, a document also contains the place where the document was created. This place can be adequately identified by satellite positioning (GPS, Global Positioning System) and incorporated into the document in the same way as, for example, the standard time.

    If the device is implemented as a PC plug-in card, the radio clock signal DCF 77 of the Physikalisch-Technische Bundesanstalt in Braunschweig takes on the role of the transmitter. Receivers for time signals are available in various designs (size, reception characteristics). The received signal is demodulated and amplified and passed on to the PC plug-in card for evaluation as a 100 ms or a 200 ms pulse per second. A microcontroller on the plug-in card converts the received signal pulses into time information and, via special logic tailored individually to each plug-in card, stores the last time received. The validation of the DCF-77 signal is shown in Fig. 7.

    Each plug-in card is provided with an individual identification number. Hardware and software use this number for machine identification. As the embodiment of a plug-in card in the PC in Fig. 6 shows, the components for reception, authentication and encryption need not necessarily all be arranged on the card itself.

    The signature generated from the original file by a signature method (e.g. MD5, Message Digest 5 by Ron Rivest, or similar) is provided with a header (information about the quantities involved, such as operating system version, file size, etc.) and formed, together with a defined part of the original file itself, into a block which in the present case has a size of 4kByte (the so-called 4kBlock).

    The microcontroller software accesses the time signal, builds it into the 4kBlock, encrypts the block in the black box and appends the time-stamped digital signature to the original file. Optionally, the signature can also be stored separately or encrypted again together with the original file (see Fig. 8).

    Decryption can be carried out only by the key holder. In the process, a check for subsequent manipulation is performed by verifying the signature.

    If the device according to the invention is implemented as an add-on card, the requirements for transmitter and receiver correspond to those for the implementation of the device as a PC plug-in card (see above).

    In remote data transmission, data security during transport plays a decisive role alongside document authenticity. Before dispatch, the data are encrypted as described, incorporating the time signal. Encryption and decryption are performed by logic components which, in keeping with the constraints of remote data transmission devices, must be integrated in the smallest possible space. The encryption software is stored, for example, in the EPROM; the encryption hardware can consist, for example, of a Clipper chip.

    In addition to the security measures mentioned above, the time signal creates further hurdles against unauthorized inspection and/or manipulation by fixing the time at which true and false information is sent and received.

    A preferred embodiment is described below with reference to the accompanying drawings, in which

  • Fig. 1 shows a data flow diagram of the communication of a sealed file,
  • Fig. 2 shows a schematic of a device for data sealing according to the invention,
  • Fig. 3 shows the components of the device according to Fig. 2,
  • Fig. 4 shows possible transmitters for distributing the time signal used,
  • Fig. 5 shows a protective device against unauthorized read-out of the programmed components of the device according to the invention,
  • Fig. 6 shows a schematic of the method according to the invention, the device according to the invention being implemented as a plug-in card of a PC,
  • Fig. 7 shows a block diagram of the validation of an external time signal, for example a DCF77 signal, and of the subsequent update of the real-time clock,
  • Fig. 8 shows a block diagram of the incorporation of the standard time during encryption, and
  • Fig. 9 shows a schematic of the method and the device for sealing computer data.

    Fig. 1 shows the data flow diagram of a file that is encrypted at the sender, transmitted, and decrypted again at the receiver, where a signal containing the standard time of an external source and an authentication code is incorporated in order to encrypt the data. On the sender side there is a file with the content abc, for example in a PC, a fax machine, a telex, a mobile phone or the like. This file can be transferred to the receiver side over a transport layer, for example remote data transmission (DFÜ). In this case the content of the file can be manipulated. The receiver side comprises the same components as the sender side, namely PC, fax, telex, mobile phone or the like. To be able to exclude subsequent manipulation of the file and thereby achieve document authenticity, the sender-side file with the content abc is subjected to encryption, with a validated standard time (external) and an identification being incorporated into the encryption. The file encrypted in this way, with unreadable content, is transferred to the receiver over the transport layer. At the receiver, the transmitted encrypted file is decrypted by a key holder, with a manipulation check and an authentication check taking place. The file is then available again in readable form with the content abc.

    Fig. 2 shows a diagram of possible embodiments of the device according to the invention for sealing computer data. For stationary use of the device, for example in a PC, a notebook or the like, the device can be implemented as a plug-in card if the stationary device is being retrofitted. In the case of a new device or original equipment, the device according to the invention can be realized by an integrated circuit, for example an ASIC. If the device according to the invention is used in a non-stationary manner, i.e. in remote data transmission, for example in a fax machine, a modem or the like, retrofitting can be done, for example, by an add-on board. In a new device, the device is realized, as in the stationary case, by an integrated circuit, for example an ASIC.

    Fig. 3 shows a schematic structural diagram of the device according to the invention, consisting of the higher-level components receiver, authentication and encoder.

    The receiver receives date and time information. It is also possible to incorporate location information, which can come from a GPS signal, for example. This information is decoded; in the present embodiment a time signal decoder is shown by way of example for clarity. Possible transmitters of the date, time and/or location information are the sources already listed above, including a transmitter specially designed for this purpose.

    Authentication establishes the identity of the sender or recipient of the message/file. This can be done, for example, by means of a card reader. Authentication can also be performed by an identity method such as an electronic signature.

    The encryption in the device can be performed by appropriate hardware, for example a Clipper chip, or by suitable software, i.e. an appropriate encryption algorithm.

    Fig. 4 shows a non-exhaustive overview of possible transmitters of a suitable time signal. The necessary time signal can be sent by radio, for example as the DCF77 signal of the Physikalisch-Technische Bundesanstalt Braunschweig, or via satellite. Transmission of the time signal by cable within a TV signal or telephone signal is also possible.

    Fig. 5 shows a protective device against unauthorized read-out or manipulation of the programmed components of a device according to the invention. The so-called black box solution shown comprises two protective grids, designed as a first and a second shield, which surround the device according to the invention; the electronic components arranged on a circuit board and the shields are cast in a potting compound. In addition, an accumulator is arranged in the device, whose potential is connected to the shields and the programmed components in such a way that contact (a short circuit) between the two shields would result, for example, in the erasure or destruction of the connected components.

    Fig. 6 shows an embodiment of the method or device according to the invention as a plug-in card in a PC, together with the necessary functional parts. A radio clock transmitter sends the standard time, for example (Federal Republic of Germany) as the DCF77 signal.

    A suitable radio clock receiver converts these signals into a serial clock signal, which is fed into the device according to the invention, implemented as a PC card. The PC plug-in card comprises a microcontroller, an EPROM, an EEPROM, logic circuits, for example GALs, PALs, ASICs or the like, an encoder and a bus driver. In addition, a corresponding signature is entered via a card reader. Using software and the plug-in card, the file with the content "abc" is encrypted, time-stamped and signed in the PC, yielding the file to be transmitted with the correspondingly encrypted content.

    Fig. 7 shows the validation of the received time signal in the microcontroller of Fig. 6. The receiver component supplies a DCF77 signal $t_{DCF}$ to the microcontroller. The EEPROM of the device contains the last valid time signal $t_E$, and the condition $t_{DCF} > t_E$ must be satisfied. A real-time clock arranged in the device according to the invention, which can be implemented as a separate component or by means of the microcontroller, holds the current time $t_A$ with a tolerance $T$, which can be, for example, 1 sec/month. The comparison $t_{DCF} - t_A < |T (t_A - t_E)|$ is carried out. If the comparison is positive, the DCF77 signal is used for the time stamping and the real-time clock is updated.
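The validation described for Fig. 7, together with the count-up check described earlier for the radio clock signal and the attempt limit mentioned for Fig. 8, as an added example that is not code from the patent. It assumes times in seconds, reads the 1 sec/month tolerance as a drift rate over a 30-day month, applies the comparison to the absolute difference, and adds a fixed floor to the window; `check`, `SealClock` and the sample values are hypothetical.

```python
"""Plausibility check for an external time signal (after the Fig. 7 description)."""
from dataclasses import dataclass

# Assumption: the "1 sec/month" tolerance T read as a drift rate, with a 30-day month.
DRIFT_RATE = 1.0 / (30 * 24 * 3600)
# Assumption (not on the page): a fixed floor, so the window is not zero right after a sync.
FLOOR_S = 2.0


class TimeUntrusted(Exception):
    """No reading passed validation within the allowed attempts."""


@dataclass
class Verdict:
    accepted: bool
    reason: str


def check(t_dcf, t_a, t_e, drift_rate=DRIFT_RATE, floor_s=FLOOR_S):
    """Validate external time t_dcf against RTC time t_a and last valid time t_e."""
    # Count-up rule: a signal that is not newer than the last valid one is a replay.
    if t_dcf <= t_e:
        return Verdict(False, "not newer than last validated time")
    # The internal clock itself must not sit before the last sync.
    if t_a < t_e:
        return Verdict(False, "internal clock behind last validated time")
    # Control range: allowed RTC drift since the last sync, applied in both directions.
    window = drift_rate * (t_a - t_e) + floor_s
    if abs(t_dcf - t_a) > window:
        return Verdict(False, "outside control range")
    return Verdict(True, "ok")


class SealClock:
    """Holds t_E (the EEPROM value) and hands out validated time only."""

    def __init__(self, t_e, max_attempts=3):
        self.t_e = t_e
        self.max_attempts = max_attempts
        self.rejections = []

    def validated_time(self, readings, rtc_now):
        """Try up to max_attempts readings; rtc_now is a callable returning t_A."""
        for attempt, t_dcf in enumerate(readings):
            if attempt >= self.max_attempts:
                break
            verdict = check(t_dcf, rtc_now(), self.t_e)
            if verdict.accepted:
                self.t_e = t_dcf  # new last valid time; the RTC would be set to it too
                return t_dcf
            self.rejections.append((t_dcf, verdict.reason))
        raise TimeUntrusted(f"{len(self.rejections)} reading(s) rejected")


# Constructed sample: last sync at T_E, the RTC reads exactly 30 days later.
T_E = 1_000_000
T_A = T_E + 30 * 24 * 3600
READINGS = [
    T_E - 60,    # replayed old signal
    T_A + 3600,  # forged signal one hour ahead of the RTC
    T_A + 1.5,   # genuine signal, within the drift window
]


def demo():
    clock = SealClock(T_E)
    stamp = clock.validated_time(READINGS, lambda: T_A)
    return stamp, clock.rejections, clock.t_e


if __name__ == "__main__":
    print(demo())
```

Without the floor, a check made immediately after a sync would have a window of almost zero and reject a genuine signal that differs from the RTC by a single second.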

    Fig. 8 schematically shows how the standard time is incorporated during encryption. A signature is generated from an original file "demo.txt" by means of a signature method and provided with a header. From this, together with a defined part of the original file, a so-called 4 kByte block "4kblock.sta" is generated. In the black box, the microcontroller accesses the time signal DCF77 (or GPS) and performs the validation of the DCF77 signal described in Fig. 7. The process is limited to n attempts. The validated time signal is built into the 4 kByte block and encrypted in the black box. The encrypted 4 kByte block "4kblock.tst", i.e. the so-called time-stamped digital signature, is appended to the original file "demo.txt" by software via the PC bus. Optionally, the combination of the original file "demo.txt" and the signature "4kblock.tst" can be stored separately or encrypted together again into a file "demo.tsc". Further inputs/outputs of the black box are motherboard activation, chip card reader/writer and transponder.
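The validation of Fig. 7 combined with the attempt limit of Fig. 8, as an added C example that is not code from the patent. Assumptions: times are milliseconds, T is expressed as a drift ratio (1000 ms per 30-day month for "1 sec/month"), and `seal_clock`, `validate_time`, `acquire_time` and the `symmetric` switch are hypothetical names. The inequality as printed is signed, so the optional symmetric mode bounds the absolute difference instead.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: all times are milliseconds since a fixed epoch; the page fixes no unit. */
typedef int64_t ms_t;

typedef struct {
    ms_t t_e;         /* tE: last valid standard time, held in EEPROM            */
    ms_t t_a;         /* tA: current reading of the internal real-time clock     */
    ms_t drift_ms;    /* tolerance T as a ratio: drift_ms per interval_ms        */
    ms_t interval_ms; /* e.g. 1000 ms per 30 days for "1 sec/month"              */
    bool symmetric;   /* false: inequality as printed; true: bound |tDCF - tA|   */
} seal_clock;

typedef enum { TS_OK, TS_NOT_NEWER, TS_OUT_OF_TOLERANCE, TS_BAD_INPUT } ts_result;

#define MONTH_MS ((ms_t)30 * 24 * 60 * 60 * 1000) /* constructed: 30-day month */

/* Apply both conditions of Fig. 7 to one received time value tDCF. */
ts_result validate_time(const seal_clock *c, ms_t t_dcf)
{
    /* Non-negative inputs keep every subtraction below free of overflow. */
    if (t_dcf < 0 || c->t_a < 0 || c->t_e < 0 ||
        c->interval_ms <= 0 || c->drift_ms < 0)
        return TS_BAD_INPUT;

    if (t_dcf <= c->t_e)                       /* condition tDCF > tE */
        return TS_NOT_NEWER;

    ms_t elapsed = c->t_a - c->t_e;            /* |tA - tE| */
    if (elapsed < 0) elapsed = -elapsed;
    if (c->drift_ms != 0 && elapsed > INT64_MAX / c->drift_ms)
        return TS_BAD_INPUT;

    /* diff < T*|tA - tE| over the reals equals diff < ceil(x / interval)
       for integer diff, which avoids multiplying the untrusted value. */
    ms_t x = elapsed * c->drift_ms;
    ms_t limit = x / c->interval_ms + (x % c->interval_ms != 0);

    ms_t diff = t_dcf - c->t_a;                /* tDCF - tA, signed */
    if (c->symmetric && diff < 0) diff = -diff;

    return diff < limit ? TS_OK : TS_OUT_OF_TOLERANCE;
}

/* Try at most max_attempts received frames (Fig. 8: limited to n attempts).
   On success store tDCF as the new tE and update the clock; return the index
   of the accepted frame, or -1 if none validated. In this simulation tA does
   not advance between attempts. */
int acquire_time(seal_clock *c, const ms_t *frames, size_t n_frames,
                 size_t max_attempts)
{
    size_t tries = n_frames < max_attempts ? n_frames : max_attempts;
    for (size_t i = 0; i < tries; i++) {
        if (validate_time(c, frames[i]) == TS_OK) {
            c->t_e = frames[i];
            c->t_a = frames[i];
            return (int)i;
        }
    }
    return -1;
}

/* Constructed sample state: last sync 30 days ago, tolerance 1 s/month,
   so the permitted window is exactly 1000 ms. */
seal_clock sample_clock(bool symmetric)
{
    seal_clock c = { 1000000, 1000000 + MONTH_MS, 1000, MONTH_MS, symmetric };
    return c;
}

int main(void)
{
    seal_clock c = sample_clock(false);
    /* Constructed frames: stale, too far ahead, acceptable, acceptable. */
    ms_t frames[4] = { c.t_e - 5, c.t_a + 5000, c.t_a + 400, c.t_a + 100 };
    printf("+400 ms: %d\n", validate_time(&c, c.t_a + 400));
    printf("+1000 ms: %d\n", validate_time(&c, c.t_a + 1000));
    printf("accepted frame index: %d\n", acquire_time(&c, frames, 4, 3));
    return 0;
}
```

Directly after a successful update tA equals tE, so the permitted window is zero until the internal clock has run for some time.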

    Fig. 9 shows an overall overview of the method and the device for sealing computer data, both for "stationary" operation and for the remote data transmission ("DFÜ") application. The standard time (and, where applicable, further information) is fed by means of a time transmitter or cable to a sending PC or sending remote-transmission device, e.g. a fax machine, which performs the coding/decoding of the relevant information (file). The encrypted file is transmitted by remote data transmission (dashed lines denote a coded remote-transmission signal). The respective sending PC or sending fax is connected to a corresponding receiving PC or receiving fax via a corresponding remote-transmission path. The send/receive function can be swapped where applicable. Decoding, archiving or printing can take place on both the sending and the receiving side if authorization exists.

    Claims (21)

    1. A method of preparing a time stamp for digital data comprising the following steps:
      a) Receiving and evaluating an external broadcast or cable signal from an external time source from which the standard time tDCF can be derived,
      b) Comparing the standard time tDCF obtained in a) with an internal actual time signal tA from an internal clock,
      c) Time-stamping the digital data if the difference between the internal and the external time signal is within a preset tolerance range,
      wherein the latest valid standard time signal tE must satisfy the inequality tDCF > tE, and
      wherein the following inequality must apply for comparison of the actual external standard time tDCF with the actual internal time tA: tDCF - tA < |T * (tA - tE)|, wherein T denotes the tolerance of the internal clock.
    2. A method of sealing digital data comprising the following steps:
      a) Receiving and evaluating an external broadcast or cable signal from an external time source from which the standard time tDCF can be derived,
      b) Comparing the standard time tDCF obtained in a) with an internal actual time signal tA from an internal clock,
      c) Time-stamping the digital data if the difference between the internal and the external time signal is within a preset tolerance range,
      wherein the latest valid standard time signal tE must satisfy the inequality tDCF > tE, and
      wherein the following inequality must apply for comparison of the actual external standard time tDCF with the actual internal time tA: tDCF - tA < |T * (tA - tE)|, wherein T denotes the tolerance of the internal clock, and
      d) Coding the time-stamped digital data.
    3. A method according to claim 2, characterised in that a signature for the digital data for time-stamping is obtained, the signature being time-stamped and subsequently coded.
    4. A method according to any of the preceding claims, characterised in that the external broadcast or cable signal is the broadcast clock signal DCF77 of the Physikalisch-Technischen Bundesanstalt or the broadcast clock signal from another time transmitter.
    5. A method according to any of claims 1 to 3, characterised in that the external broadcast or cable signal is from an independent transmitter, wherein the external broadcast or cable signal contains an authenticating code which sufficiently identifies the transmitter.
    6. A method according to claim 5, characterised in that the external broadcast or cable signal is transmitted in coded form.
    7. A method according to claim 5 or 6, characterised in that external broadcast or cable signal is transmitted or received at a time which itself is a part of the coding.
    8. A method according to any of claims 5 - 7, characterised in that the external broadcast or cable signal contains true and false information.
    9. A method according to any of the preceding claims, characterised in that the external broadcast or cable signal contains information from which the place of reception can be determined.
    10. A method according to any of the preceding claims, characterised in that the external broadcast or cable signal is a GPS signal.
    11. Apparatus for preparing a time stamp for digital data comprising:
      A receiver for receiving and evaluating an external broadcast or cable signal from an external time source from which the standard time tDCF can be derived,
      An internal clock for generating an internal time signal tA,
      A comparator for comparing the obtained external standard time tDCF with the internal time tA,
      A memory containing a latest valid standard time signal tE and
      A means for time-stamping the digital data if the difference between the internal and the external standard time signal is within a preset tolerance range,
      wherein the latest valid standard-time signal tE must satisfy the inequality tDCF > tE, and
      wherein the following inequality must apply for comparison of the actual external standard time tDCF with the actual internal time tA: tDCF - tA < |T * (tA - tE)|, wherein T denotes the tolerance of the internal clock.
    12. Apparatus for sealing digital data comprising
      A receiver for receiving and evaluating an external broadcast or cable signal from an external time source from which the standard time tDCF can be derived,
      An internal clock for generating an internal time signal tA,
      A comparator for comparing the obtained external standard time tDCF with the internal time tA,
      A memory containing a latest valid standard time signal tE and
      A means for time-stamping the digital data if the difference between the internal and the external standard time signal is within a preset tolerance range,
      wherein the latest valid standard-time signal tE must satisfy the inequality tDCF > tE, and
      wherein the following inequality must apply for comparison of the actual external standard time tDCF with the actual internal time tA: tDCF - tA < |T * (tA - tE)|, wherein T denotes the tolerance of the internal clock,
      and
      a means for coding the time stamped digital data.
    13. Apparatus according to claim 11 or 12,
      characterised in that after positive evaluation of the comparison, the latest valid time signal tE in the form of the standard time tDCF is stored in the memory and the internal real-time clock is updated.
    14. Apparatus according to claim 12 or 13,
      characterised in that the apparatus comprises a means for preparing a signature for the digital data to be time stamped, wherein the signature is time-stamped and coded.
    15. Apparatus according to any of claims 11 to 14,
      characterised in that the apparatus comprises an authenticating device.
    16. Apparatus according to any of claims 11 to 15,
      characterised in that the apparatus has an identification number which is incorporated in the coding process.
    17. Apparatus according to any of claims 11 to 16,
      characterised in that signal processing in the apparatus is performed by microprocessor components.
    18. Apparatus according to any of claims 11 to 17,
      characterised in that the apparatus is protected against clocking-down.
    19. Apparatus according to any of claims 11 to 18,
      characterised in that the apparatus is integrally cast with its components and is provided with an electromechanical coupling technique.
    20. Apparatus according to any of claims 11 to 19,
      characterised in that the apparatus is disposed on a main computer circuit board or inside a means that can be used for remote data transmission.
    21. Apparatus according to any of claims 11 to 19,
      characterised in that the apparatus is in the form of a PC plug-in card or additional circuit board.
    EP96931023A 1995-09-04 1996-09-04 Method and device for the sealing of computer data Expired - Lifetime EP0848872B1 (en)

    Applications Claiming Priority (3)

    Application Number Priority Date Filing Date Title
    DE19532617A DE19532617C2 (en) 1995-09-04 1995-09-04 Method and device for sealing computer data
    DE19532617 1995-09-04
    PCT/EP1996/003893 WO1997009802A1 (en) 1995-09-04 1996-09-04 Method and device for the sealing of computer data

    Publications (2)

    Publication Number Publication Date
    EP0848872A1 EP0848872A1 (en) 1998-06-24
    EP0848872B1 true EP0848872B1 (en) 2000-03-22

    Family

    ID=7771229

    Family Applications (1)

    Application Number Title Priority Date Filing Date
    EP96931023A Expired - Lifetime EP0848872B1 (en) 1995-09-04 1996-09-04 Method and device for the sealing of computer data

    Country Status (9)

    Country Link
    US (1) US6530023B1 (en)
    EP (1) EP0848872B1 (en)
    JP (1) JPH11504730A (en)
    AT (1) ATE191111T1 (en)
    DE (2) DE19532617C2 (en)
    ES (1) ES2143222T3 (en)
    GR (1) GR3033557T3 (en)
    PT (1) PT848872E (en)
    WO (1) WO1997009802A1 (en)

    Families Citing this family (41)

    * Cited by examiner, † Cited by third party
    Publication number Priority date Publication date Assignee Title
    DE19654342C2 (en) * 1996-12-24 1998-10-15 Karl Michael Marks Method for the transmission of compressed data
    AU779310B2 (en) * 1999-02-26 2005-01-13 Authentidate Holding Corp. Digital file management and imaging system and method including secure file marking
    DE29909708U1 (en) * 1999-06-04 1999-09-23 Rue Cash Systems Gmbh De PC plug-in card
    US7409557B2 (en) 1999-07-02 2008-08-05 Time Certain, Llc System and method for distributing trusted time
    US6898709B1 (en) 1999-07-02 2005-05-24 Time Certain Llc Personal computer system and methods for proving dates in digital data files
    US6948069B1 (en) 1999-07-02 2005-09-20 Time Certain, Llc Method and system for determining and maintaining trust in digital image files with certifiable time
    US8868914B2 (en) * 1999-07-02 2014-10-21 Steven W. Teppler System and methods for distributing trusted time
    US6895507B1 (en) * 1999-07-02 2005-05-17 Time Certain, Llc Method and system for determining and maintaining trust in digital data files with certifiable time
    US6792536B1 (en) 1999-10-20 2004-09-14 Timecertain Llc Smart card system and methods for proving dates in digital files
    US20050160272A1 (en) * 1999-10-28 2005-07-21 Timecertain, Llc System and method for providing trusted time in content of digital data files
    US6993656B1 (en) * 1999-12-10 2006-01-31 International Business Machines Corporation Time stamping method using aged time stamp receipts
    US7490241B1 (en) * 1999-12-10 2009-02-10 International Business Machines Corporation Time stamping method employing user specified time
    DE19961838A1 (en) * 1999-12-21 2001-07-05 Scm Microsystems Gmbh Method and device for checking a file
    US6931549B1 (en) * 2000-05-25 2005-08-16 Stamps.Com Method and apparatus for secure data storage and retrieval
    DE10043500A1 (en) * 2000-09-01 2002-03-28 Bosch Gmbh Robert Method and device for checking the functionality of a timer
    JP4156188B2 (en) * 2000-10-20 2008-09-24 パイオニア株式会社 Information output device, information output method, information recording device, information recording method, information output recording system, information output recording method, and information recording medium
    US7107242B1 (en) * 2000-11-21 2006-09-12 Vasil Paul E Electronic transaction security method
    EP1217784A1 (en) * 2000-12-22 2002-06-26 timeproof Time Signature GmbH Method and apparatus for generating a digital signature
    DE10112177A1 (en) * 2001-03-12 2002-09-26 Jan Wendenburg Speech recognition involves generating signature identifying contents and time of conversation from voice packet, encoding and storing with digital voice packet and time stamp
    DE10112153B4 (en) * 2001-03-14 2006-08-17 DIB - Das innovative Büro GmbH Device for controlling private or public institutions
    US20020169970A1 (en) * 2001-05-10 2002-11-14 Candelore Brant L. Secure time reference for content players
    JP2003028946A (en) * 2001-07-12 2003-01-29 Mitsui & Co Ltd Method and apparatus for position measurement
    WO2003021476A1 (en) * 2001-08-31 2003-03-13 Trac Medical Solutions, Inc. System for interactive processing of form documents
    US20030126447A1 (en) * 2001-12-27 2003-07-03 Jacques Debiez Trusted high stability time source
    JP2003198540A (en) * 2001-12-28 2003-07-11 Canon Inc Image generator and verification data generating method
    US7146504B2 (en) * 2002-06-13 2006-12-05 Microsoft Corporation Secure clock on computing device such as may be required in connection with a trust-based system
    US7370212B2 (en) 2003-02-25 2008-05-06 Microsoft Corporation Issuing a publisher use license off-line in a digital rights management (DRM) system
    DE10311634A1 (en) * 2003-03-14 2004-09-30 Authentidate International Ag Electronic transmission of documents
    DE10358144A1 (en) * 2003-12-10 2005-08-04 Francotyp-Postalia Ag & Co. Kg Authenticating multimedia data, especially image and/or sound data, involves manipulation-proof combination of data with authentication information with source information item(s) for first source that has previously influenced data state
    EP1555592A3 (en) * 2004-01-13 2014-05-07 Yamaha Corporation Contents data management apparatus
    JP4481141B2 (en) * 2004-10-13 2010-06-16 株式会社日立製作所 Storage system and computer system
    DE112005003457T5 (en) * 2005-02-28 2008-03-06 Fujitsu Ltd., Kawasaki Timestamping device, time correction method and time correction program
    JP2006236251A (en) * 2005-02-28 2006-09-07 Fujitsu Ltd Time stamp device, time calibration method and time calibration program
    WO2006092832A1 (en) * 2005-02-28 2006-09-08 Fujitsu Limited Time stamp device, time calibration method, and time calibration program
    US8438645B2 (en) 2005-04-27 2013-05-07 Microsoft Corporation Secure clock with grace periods
    US8725646B2 (en) 2005-04-15 2014-05-13 Microsoft Corporation Output protection levels
    US20060265758A1 (en) 2005-05-20 2006-11-23 Microsoft Corporation Extensible media rights
    JP4804408B2 (en) * 2007-04-17 2011-11-02 株式会社日立製作所 Log analysis method and apparatus
    US8181861B2 (en) 2008-10-13 2012-05-22 Miri Systems, Llc Electronic transaction security system and method
    WO2010099352A1 (en) * 2009-02-25 2010-09-02 Miri Systems, Llc Payment system and method
    WO2011044161A1 (en) 2009-10-05 2011-04-14 Miri Systems, Llc Electronic transaction security system and method

    Family Cites Families (9)

    * Cited by examiner, † Cited by third party
    Publication number Priority date Publication date Assignee Title
    US5189700A (en) * 1989-07-05 1993-02-23 Blandford Robert R Devices to (1) supply authenticated time and (2) time stamp and authenticate digital documents
    US5001752A (en) * 1989-10-13 1991-03-19 Fischer Addison M Public/key date-time notary facility
    US5136643A (en) * 1989-10-13 1992-08-04 Fischer Addison M Public/key date-time notary facility
    US5022080A (en) * 1990-04-16 1991-06-04 Durst Robert T Electronic notary
    ES2142307T3 (en) 1990-08-02 2000-04-16 Telcordia Tech Inc METHOD OF SAFE TIME MARKING IN DIGITAL DOCUMENTS.
    NL9300036A (en) * 1993-01-08 1994-08-01 Nederland Ptt System for testing the usage registration function in a telecommunication system.
    US5422953A (en) * 1993-05-05 1995-06-06 Fischer; Addison M. Personal date/time notary device
    US5444780A (en) * 1993-07-22 1995-08-22 International Business Machines Corporation Client/server based secure timekeeping system
    DE4411780C2 (en) * 1994-04-06 1998-12-17 Wolfgang A Dr Rer Nat Redmann Tap-proof access control device

    Also Published As

    Publication number Publication date
    US6530023B1 (en) 2003-03-04
    ES2143222T3 (en) 2000-05-01
    GR3033557T3 (en) 2000-09-29
    DE19532617C2 (en) 1998-01-22
    EP0848872A1 (en) 1998-06-24
    PT848872E (en) 2000-09-29
    JPH11504730A (en) 1999-04-27
    DE19532617A1 (en) 1997-03-06
    ATE191111T1 (en) 2000-04-15
    DE59604795D1 (en) 2000-04-27
    WO1997009802A1 (en) 1997-03-13

    Legal Events

    Date Code Title Description
    PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

    Free format text: ORIGINAL CODE: 0009012

    17P Request for examination filed

    Effective date: 19980403

    AK Designated contracting states

    Kind code of ref document: A1

    Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

    GRAG Despatch of communication of intention to grant

    Free format text: ORIGINAL CODE: EPIDOS AGRA

    17Q First examination report despatched

    Effective date: 19990212

    GRAG Despatch of communication of intention to grant

    Free format text: ORIGINAL CODE: EPIDOS AGRA

    GRAH Despatch of communication of intention to grant a patent

    Free format text: ORIGINAL CODE: EPIDOS IGRA

    GRAH Despatch of communication of intention to grant a patent

    Free format text: ORIGINAL CODE: EPIDOS IGRA

    GRAA (expected) grant

    Free format text: ORIGINAL CODE: 0009210

    AK Designated contracting states

    Kind code of ref document: B1

    Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

    REF Corresponds to:

    Ref document number: 191111

    Country of ref document: AT

    Date of ref document: 20000415

    Kind code of ref document: T

    REG Reference to a national code

    Ref country code: CH

    Ref legal event code: NV

    Representative=s name: BOVARD AG PATENTANWAELTE

    Ref country code: CH

    Ref legal event code: EP

    GBT Gb: translation of ep patent filed (gb section 77(6)(a)/1977)

    Effective date: 20000324

    REF Corresponds to:

    Ref document number: 59604795

    Country of ref document: DE

    Date of ref document: 20000427

    ET Fr: translation filed
    REG Reference to a national code

    Ref country code: ES

    Ref legal event code: FG2A

    Ref document number: 2143222

    Country of ref document: ES

    Kind code of ref document: T3

    REG Reference to a national code

    Ref country code: IE

    Ref legal event code: FG4D

    Free format text: GERMAN

    ITF It: translation for a ep patent filed

    Owner name: MODIANO & ASSOCIATI S.R.L.

    REG Reference to a national code

    Ref country code: DK

    Ref legal event code: T3

    REG Reference to a national code

    Ref country code: PT

    Ref legal event code: SC4A

    Free format text: AVAILABILITY OF NATIONAL TRANSLATION

    Effective date: 20000620

    PLBQ Unpublished change to opponent data

    Free format text: ORIGINAL CODE: EPIDOS OPPO

    PLBI Opposition filed

    Free format text: ORIGINAL CODE: 0009260

    PLBF Reply of patent proprietor to notice(s) of opposition

    Free format text: ORIGINAL CODE: EPIDOS OBSO

    26 Opposition filed

    Opponent name: DEUTSCHE POST AG

    Effective date: 20001222

    NLR1 Nl: opposition has been filed with the epo

    Opponent name: DEUTSCHE POST AG

    PLBF Reply of patent proprietor to notice(s) of opposition

    Free format text: ORIGINAL CODE: EPIDOS OBSO

    REG Reference to a national code

    Ref country code: GB

    Ref legal event code: IF02

    PLBO Opposition rejected

    Free format text: ORIGINAL CODE: EPIDOS REJO

    PLBN Opposition rejected

    Free format text: ORIGINAL CODE: 0009273

    27O Opposition rejected

    Effective date: 20030117

    NLR2 Nl: decision of opposition

    Effective date: 20030117

    PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

    Ref country code: MC

    Payment date: 20070919

    Year of fee payment: 12

    PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

    Ref country code: LU

    Payment date: 20070924

    Year of fee payment: 12

    Ref country code: IE

    Payment date: 20070924

    Year of fee payment: 12

    PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

    Ref country code: ES

    Payment date: 20070925

    Year of fee payment: 12

    Ref country code: DK

    Payment date: 20070925

    Year of fee payment: 12

    PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

    Ref country code: FI

    Payment date: 20070920

    Year of fee payment: 12

    Ref country code: CH

    Payment date: 20070924

    Year of fee payment: 12

    Ref country code: AT

    Payment date: 20070926

    Year of fee payment: 12

    PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

    Ref country code: SE

    Payment date: 20070924

    Year of fee payment: 12

    Ref country code: NL

    Payment date: 20070917

    Year of fee payment: 12

    Ref country code: IT

    Payment date: 20070927

    Year of fee payment: 12

    Ref country code: BE

    Payment date: 20070921

    Year of fee payment: 12

    PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

    Ref country code: GR

    Payment date: 20070928

    Year of fee payment: 12

    REG Reference to a national code

    Ref country code: PT

    Ref legal event code: MM4A

    Free format text: LAPSE DUE TO NON-PAYMENT OF FEES

    Effective date: 20090304

    BERE Be: lapsed

    Owner name: *TIMESAFE TRUSTCENTER G.M.B.H.

    Effective date: 20080930

    PLAE Information related to rejection of opposition modified

    Free format text: ORIGINAL CODE: 0009299REJO

    STAA Information on the status of an ep patent application or granted ep patent

    Free format text: STATUS: OPPOSITION REJECTED

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: MC

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20080930

    REG Reference to a national code

    Ref country code: CH

    Ref legal event code: PL

    Ref country code: CH

    Ref legal event code: PK

    Free format text: DAS DATUM DER ZURUECKWEISUNG DES EINSPRUCHS WURDE VOM EPA BERICHTIGT.

    REG Reference to a national code

    Ref country code: DK

    Ref legal event code: EBP

    R27O Information related to the rejection of opposition modified: opposition rejected

    Effective date: 20021113

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: PT

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20090304

    Ref country code: NL

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20090401

    Ref country code: FI

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20080904

    NLV4 Nl: lapsed or anulled due to non-payment of the annual fee

    Effective date: 20090401

    REG Reference to a national code

    Ref country code: IE

    Ref legal event code: MM4A

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: IE

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20080904

    Ref country code: BE

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20080930

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: IT

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20080904

    Ref country code: AT

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20080904

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: LI

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20080930

    Ref country code: CH

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20080930

    REG Reference to a national code

    Ref country code: GB

    Ref legal event code: 732E

    Free format text: REGISTERED BETWEEN 20091008 AND 20091014

    REG Reference to a national code

    Ref country code: ES

    Ref legal event code: FD2A

    Effective date: 20080905

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: GR

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20090402

    PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

    Ref country code: PT

    Payment date: 20070830

    Year of fee payment: 12

    REG Reference to a national code

    Ref country code: FR

    Ref legal event code: TP

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: ES

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20080905

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: DK

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20090331

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: LU

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20080904

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: SE

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20080905

    REG Reference to a national code

    Ref country code: FR

    Ref legal event code: PLFP

    Year of fee payment: 20

    PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

    Ref country code: FR

    Payment date: 20150624

    Year of fee payment: 20

    PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

    Ref country code: GB

    Payment date: 20150825

    Year of fee payment: 20

    PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

    Ref country code: DE

    Payment date: 20150930

    Year of fee payment: 20

    REG Reference to a national code

    Ref country code: DE

    Ref legal event code: R071

    Ref document number: 59604795

    Country of ref document: DE

    REG Reference to a national code

    Ref country code: GB

    Ref legal event code: PE20

    Expiry date: 20160903

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: GB

    Free format text: LAPSE BECAUSE OF EXPIRATION OF PROTECTION

    Effective date: 20160903